RE: Instant chats and central servers
Can you require access via SSH tunnel?
-----Original Message-----
From: Jason Slagle [mailto:raistlin@tacorp.net]
Sent: Tuesday, May 08, 2001 6:39 PM
To: Christopher A. Woodfield
Cc: nanog@merit.edu
Subject: Re: Instant chats and central servers
Newer versions of bahamut will do encrypted links. Just rc4.
Scalability while compressing to clients is a severely limiting factor unless you only plan on using it locally.
Jason
--
Jason Slagle - CCNP - CCDP
Network Administrator - Toledo Internet Access - Toledo Ohio
raistlin@tacorp.net - jslagle@toledolink.com - WHOIS JS10172
ASCII Ribbon Campaign - NO HTML/RTF in e-mail - NO Word docs in e-mail
If dreams are like movies then memories are films about ghosts.. - Adam Duritz - Counting Crows
On Tue, 8 May 2001, Christopher A. Woodfield wrote:
This begs a question - does anyone have good experience with SSL-enabled IRC servers? I'm testing UnrealIRCd right now, but I've run into some showstopper bugs when trying to link servers over SSL. Any other suggestions?
-Chris
On Tue, May 08, 2001 at 08:50:29PM +0200, Peter van Dijk wrote:
On Tue, May 08, 2001 at 11:35:27AM -0700, Sean Donelan wrote: [snip]
If folks are using these services for real-time communications, should we be trying to improve their reliability? Or is this just a "feature" of how presence services work.
We use IRC for internal communication, and for communication with techies of several other Dutch ISPs. Works like a charm, and the irc server is local to us. If it's down, you pick another irc-server on the same network.
Works for us, works for a lot of people.
Greetz, Peter.
No.
This is Dalnet's ircd. With an average of > 65000 users, encryption to the CLIENT is not feasible.
Adding support probably wouldn't be too tricky to someone with C experience.
Jason
On Wed, 9 May 2001, Roeland Meyer wrote:
Can you require access via SSH tunnel?
No.
This is Dalnet's ircd. With an average of > 65000 users, encryption to the CLIENT is not feasible.
Adding support probably wouldn't be too tricky to someone with C experience.
Jason
I don't see how that can be. A P3-600 can RC4 encrypt over 60MB/sec in 64 byte blocks. That figure drops to only 45MB/sec in 8 byte blocks. This is a slight overstatement because cache effectiveness is increased by repeatedly encrypting the same stream.
If a chat server with a P3-733 has a throughput of, say, 8MB/sec out and 3MB/sec in, encryption on all that traffic would eat less than 15% of the CPU. There would be some memory usage to store all the encryption/decryption state information but memory is cheap.
If you used a dual processor machine and separated the actual chat layer from the I/O layer, you could put the encryption in the I/O layer. This is actually not that terribly hard to hack into Ircd.
I think you're simply assuming that it's infeasible but you haven't actually tried it or done the math. We've done it with ConferenceRoom, and the encryption load is so low as to be almost lost in the noise.
DS
PS: If you use public-key encryption to do the initial key exchange, that can be significant if you have a high rate of connection establishment. But if you assume that everybody has a password already known to both them and the chat server, it's not a problem.
On Wed, 9 May 2001, David Schwartz wrote:
No.
I don't see how that can be. A P3-600 can RC4 encrypt over 60MB/sec in 64 byte blocks. That figure drops to only 45MB/sec in 8 byte blocks. This is a slight overstatement because cache effectiveness is increased by repeatedly encrypting the same stream.
If a chat server with a P3-733 has a throughput of, say, 8MB/sec out and 3MB/sec in, encryption on all that traffic would eat less than 15% of the CPU. There would be some memory usage to store all the encryption/decryption state information but memory is cheap.
Our tests with RC4 seem to indicate different. Maybe we just have a bad implementation of it. Maybe it's time to look at it more.
If you used a dual processor machine and separated the actual chat layer from the I/O layer, you could put the encryption in the I/O layer. This is actually not that terribly hard to hack into Ircd.
Nope, and that separation is planned, but probably not until we do our full rewrite.
I think you're simply assuming that it's infeasible but you haven't actually tried it or done the math. We've done it with ConferenceRoom, and the encryption load is so low as to be almost lost in the noise.
As I said, we can encrypt now between servers (The code is in). Based on the math we saw testing this functionality, it didn't seem feasible to do it to the clients, but as I said, maybe we just had a bad implementation.
:puts it on the list of things to try:
Jason
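An added example, not code from the thread, bahamut or ConferenceRoom: a small C benchmark for the disagreement above. It measures RC4 throughput over a single state versus 65000 per-client states visited round-robin, and the cipher-state memory David mentions. Keys and traffic are constructed, and RC4 is used only because the thread is about it (RFC 7465 prohibits it in TLS).

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

typedef struct { uint8_t S[256]; uint8_t i, j; } rc4_state; /* one per direction per client */
static void rc4_init(rc4_state *st, const uint8_t *key, size_t keylen) {
    uint8_t j = 0;
    for (int k = 0; k < 256; k++) st->S[k] = (uint8_t)k;
    for (int k = 0; k < 256; k++) {
        j = (uint8_t)(j + st->S[k] + key[k % keylen]);
        uint8_t t = st->S[k]; st->S[k] = st->S[j]; st->S[j] = t;
    }
    st->i = st->j = 0;
}

static void rc4_crypt(rc4_state *st, uint8_t *buf, size_t len) {
    uint8_t i = st->i, j = st->j, *S = st->S;
    for (size_t n = 0; n < len; n++) {
        i = (uint8_t)(i + 1); j = (uint8_t)(j + S[i]);
        uint8_t t = S[i]; S[i] = S[j]; S[j] = t;
        buf[n] ^= S[(uint8_t)(S[i] + S[j])];
    }
    st->i = i; st->j = j;
}

static size_t state_bytes(size_t clients) { return clients * 2 * sizeof(rc4_state); } /* tx + rx */
/* MB/s for `total` bytes sent as `msg`-byte messages, round-robin over `clients` states. */
static double bench_mb_s(size_t clients, size_t msg, size_t total) {
    uint8_t buf[64] = {0};
    rc4_state *st = (clients && msg && msg <= sizeof buf) ? malloc(clients * sizeof *st) : NULL;
    if (!st) return -1.0;
    for (size_t c = 0; c < clients; c++) rc4_init(&st[c], (const uint8_t *)&c, sizeof c);
    clock_t t0 = clock();
    for (size_t done = 0, c = 0; done < total; done += msg, c = (c + 1) % clients)
        rc4_crypt(&st[c], buf, msg);
    double secs = (double)(clock() - t0) / CLOCKS_PER_SEC;
    volatile uint8_t sink = buf[0]; (void)sink;   /* keep the work observable */
    free(st);
    return secs > 0 ? (double)total / 1e6 / secs : 0.0;
}

int main(void) {
    printf("state for 65000 clients: %.1f MB\n", state_bytes(65000) / 1e6);
    printf("1 state,      64-byte msgs: %.0f MB/s\n", bench_mb_s(1, 64, (size_t)256 << 20));
    printf("65000 states, 64-byte msgs: %.0f MB/s\n", bench_mb_s(65000, 64, (size_t)256 << 20));
    printf("65000 states,  8-byte msgs: %.0f MB/s\n", bench_mb_s(65000, 8, (size_t)256 << 20));
    return 0;
}
```

Dividing a server's total traffic in MB/s by the measured many-state figure gives the CPU fraction the thread argues about.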
participants (3): David Schwartz, Jason Slagle, Roeland Meyer